Summary
This host is running Joomla and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation allows an attacker to insert arbitrary HTML and script code, which is executed in a user's browser session in the context of the affected site.
Impact Level: Application.
Solution
Upgrade to Joomla CMS 1.7.0 or later.
For updates refer to http://www.joomla.org/
Insight
The flaws are caused by improper validation of user-supplied input passed via multiple parameters to 'index.php', which allows attackers to inject arbitrary HTML and script code into pages served by the affected site.
Affected
Joomla CMS versions 1.6.x and 1.7.0-RC.
Severity
Classification
- CVE: CVE-2011-2710
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N